Microsoft Tightens the Reins: New Default Security Blocks NTLM Relay Attacks on Exchange Servers
Microsoft has introduced new default security measures to thwart NTLM relay attacks on Exchange servers. By enabling Extended Protection for Authentication (EPA) and channel binding by default, the tech giant aims to make NTLM relay attacks as outdated as dial-up internet. Microsoft is set on ensuring Exchange doesn’t become a threat actor’s favorite playground.

Hot Take:
Microsoft is coming in hot with their new security updates, making sure their Exchange servers are no longer the low-hanging fruit for cyber miscreants. It’s like they’ve finally decided to stop inviting hackers to the party by putting a robust bouncer at the door. Who knew that being proactive could be so fashionable?
Key Points:
- Microsoft introduces default security protections to thwart NTLM relay attacks on Exchange servers.
- Extended Protection for Authentication (EPA) is now enabled by default in Exchange Server 2019 and Windows Server 2025.
- Channel binding is also enabled by default for LDAP, and EPA is enabled on Active Directory Certificate Services (AD CS).
- NTLMv1 is removed and NTLMv2 deprecated in Windows Server 2025 and Windows 11 24H2.
- Microsoft aims to disable NTLM by default, pushing towards a “secure by default” posture.
